Privacy Policy

Effective Date: May 7, 2026
Last Updated: May 7, 2026
Version: 1.6.0

Introduction

We take your privacy seriously. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the Service.

We combine real-identity dating (MATCH), anonymous community engagement (SPACES), and a marketplace experience (HUNTER). We maintain strict data separation between them — your real identity in MATCH is never linked to your activity in SPACES and HUNTER, and your SPACES or HUNTER identities are never linked to your MATCH profile.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

Account Registration

  • Email address
  • Password (stored using bcrypt hashing — we never store your actual password)
  • Date of birth (to verify you are 18 or older)

MATCH Profile (Real Identity)

  • Real name
  • Profile photos and gallery images
  • Age, gender and gender preferences
  • Location (city-level, used for matching)
  • Bio and personal details
  • Interests and preferences
  • Match preferences (distance, age range, etc.)

SPACES Profile (Anonymous)

  • Username (pseudonym, not linked to your real name)
  • Avatar image
  • Persona details for each Space you join

HUNTER Activity (Marketplace)

  • Listings you create (item descriptions, images, pricing, category)
  • Purchase and transaction activity
  • Messages related to marketplace interactions
  • Shipping or delivery information you choose to provide to other users
  • Seller or buyer preferences and activity

Coins Activity

  • Coin balance and ledger (purchases, gifts, transfers, redemptions). Coins are an in-app virtual currency. They have no monetary value today and may not be exchanged for real currency. We may introduce future redeemability options. Any such change would be communicated in advance and require your explicit acceptance.

Trophies and Pins

  • Achievements you earn (trophies, fandom pins, badges), level progression, brag-page state.

Safety Actions

  • Block list, mute list, reports you submit (against users or content), reports submitted against you (retained per Section 5).

Content You Create

  • Messages sent in MATCH conversations
  • Messages, posts, comments and reactions in SPACES
  • Marketplace communications in HUNTER
  • Reports you submit about users or content
  • Feedback and support requests

Payment Information

  • In-app purchase history (subscriptions and one-time purchases)
  • Note: For MATCH and SPACES, payment processing is handled entirely by Apple (App Store) and Google (Google Play). We do not collect or store your credit card number, bank account details, or other financial payment instruments.

1.2 Information We Collect Automatically

Device and Usage Information

  • Device type, operating system and version
  • IP address
  • App usage patterns and feature interactions
  • Crash reports and performance data (via Sentry)

Location Data

  • With your consent, we collect location data to provide distance-based matching in MATCH
  • Location data is retained for 90 days and then automatically deleted
  • You can disable location sharing at any time through your device settings

1.3 Information from Third Parties

Authentication Providers

  • If you sign in using Google Sign-In or Apple Sign-In (direct, via the platform-native SDKs), we receive your email address and basic profile information from the authentication provider
  • We do not receive or store your passwords from third-party authentication providers

1.4 Biometric Data (GDPR Article 9 Special Category)

Biometric data (GDPR Article 9 special category): During onboarding we run a liveness check on a selfie photo to confirm you are a real person and prevent impersonation. The selfie is also compared against the photos you upload to your MATCH gallery, so the face shown on your profile matches the face that completed verification — this is how we block catfishing and account takeovers. The face-comparison runs through AWS Rekognition.

Legal basis: we process this biometric data with your explicit consent under GDPR Article 9(2)(a). Our Article 6 basis for collecting and retaining it is your consent under Article 6(1)(a). Where we later use the retained selfie to investigate safety reports, impersonation, disputes or account-takeover risk, we may also rely on our legitimate interests in platform safety and fraud prevention under Article 6(1)(f).

What we retain:

  • The selfie image itself, stored in our own storage on Google Cloud Storage. We keep it for the lifetime of your account so authorised StarDust Meet staff can re-verify the face-match if a dispute, identity audit or safety report is raised. Every admin access to your selfie is recorded in our security audit log.
  • A confidence score and liveness_passed boolean, derived from the comparison.

What we send to AWS Rekognition: the image is transmitted to AWS only for the per-call comparison. We do not store selfies in AWS Rekognition and we do not use Rekognition Indexed Collections.

Your rights: you may withdraw consent and request erasure of your selfie and the derived score at any time by emailing privacy@stardustmeet.com (and, when available, via Settings > Privacy). The selfie is permanently deleted from our storage when your account is deleted.

2. How We Use Your Information

Providing the Service

  • Creating and managing your account
  • Operating the MATCH experience (profile display, matching, messaging)
  • Operating the SPACES experience (personas, posts, comments)
  • Operating the HUNTER marketplace (listings, discovery and user-to-user transactions)
  • Processing in-app purchases and managing subscriptions

Safety and Security

  • Verifying user identity (including age and identity verification)
  • Detecting and preventing fraud, abuse and policy violations
  • Investigating reports and enforcing Community Guidelines
  • Maintaining platform safety for all users

Improving the Service

  • Analysing usage patterns to improve features and user experience
  • Diagnosing technical issues and fixing bugs
  • Developing new features and services

Communications

  • Sending service-related notifications (matches, messages, SPACES activity, HUNTER activity)
  • Sending important account and security alerts
  • With your consent, sending marketing communications about new features and promotions

3. Data Separation Between MATCH, SPACES, and HUNTER

Data separation is a core principle of our platform. We enforce this separation at every level of our architecture.

What this means for you:

  • Your real identity in MATCH is never visible in SPACES or HUNTER
  • Your anonymous identity in SPACES is never visible in MATCH or HUNTER
  • Other users cannot discover your identity across MATCH, SPACES and HUNTER
  • No cross-referencing or linking occurs between these environments

Technical enforcement:

  • MATCH, SPACES and HUNTER data are stored in separate or logically isolated systems
  • API access is context-restricted — endpoints cannot access data outside their environment
  • No database joins or queries combine identities across environments

4. How We Share Your Information

We do not sell your personal information to third parties.

4.1 With Other Users

In MATCH: Your profile (name, photos, bio, age, interests) is visible to other users, subject to your preferences.

In SPACES: Your anonymous persona and content are visible to members of the Spaces you join. Your real identity is never disclosed.

In HUNTER: Listings, marketplace activity and communications are visible to other users. You are responsible for any information you choose to share in marketplace interactions.

4.2 With Service Providers

All service providers support MATCH, SPACES and HUNTER functionality and are bound by data processing agreements.

Service ProviderPurposeData Shared
Google Sign-In / Apple Sign-In (platform-native SDKs)User authentication via Google or Apple IDEmail address, basic profile info from auth provider. We use the platform-native SDKs directly — we do not use Firebase Authentication.
Firebase Analytics (Google)App usage analyticsDevice info, anonymised usage events (no personal profile data)
Google Analytics 4 (Google)Website usage analytics (stardustmeet.com only, with consent)Anonymised page views, referrer, device class, IP truncated. Loaded in Consent Mode v2 — denied by default until you accept via the cookie bar
WiredashIn-app feedback collectionFeedback text, screenshot of current screen, device info, app version (submitted only when user sends feedback)
GiphyGIF search in chatGIF search queries (Giphy may collect search analytics per their Terms of Service; no personal profile data is sent)
Encore.devBackend infrastructure and hostingAll service data (processed, not shared externally)
SentryError monitoring and crash reportingDevice info, error logs (no personal profile data)
SendGridTransactional email deliveryEmail address, email content
Google MapsLocation services for matchingApproximate location
Apple / GoogleIn-app purchase processingPurchase transaction data
OneSignalPush notification deliveryDevice tokens, notification preferences
Google Cloud Storage (GCS)File and image storageUploaded photos and files (encrypted at rest)
StripePayment processing and escrow for HUNTER marketplace; subscription billing for Pro tiers via Apple/Google IAP gateway.Transaction metadata, buyer/seller IDs, escrow state. Card details are entered directly into Stripe's PCI-DSS-compliant SDK and never reach our servers.
AnthropicAI-powered match compatibility analysis and conversation suggestions (Pro subscribers only).Bio text and interest selections only — no names, emails, photos, or location. Prompts are not retained for training per Anthropic's API terms.
Voyage AI (MongoDB)AI-powered match compatibility analysis (Pro subscribers)Profile interests and bio text only (no names, emails, photos, or location)
AWS RekognitionPhoto verification face comparison (selfie vs MATCH gallery)Image sent to Rekognition only for the per-call comparison; AWS does not retain it. We retain the selfie in our own storage so authorised admin staff can re-verify a face-match in disputes — permanently deleted when your account is deleted

All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

4.3 For Legal Reasons

We may disclose your information if required to:

  • Comply with applicable law
  • Protect the safety of any person
  • Prevent fraud or abuse
  • Protect our rights or property

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you in advance.

5. Data Retention

We retain your information only as long as necessary:

Data TypeRetention Period
Active user profile dataDuration of your account
Inactive user data2 years after last activity, then deleted
Messages1 year
Location data90 days
Analytics data2 years
Safety reports7 years (legal obligation)
Audit logs7 years (legal obligation)
Marketplace transaction data7 years (legal/accounting obligations)
Financial/purchase records7 years (legal obligation)
Deleted account data30-day grace period, then permanently deleted

We use automated systems to delete or anonymise data after retention periods expire.

When your account is deleted, all safety reports and blocks associated with you are anonymised (personal identifiers removed), but the de-identified data is retained permanently for platform safety analysis and legal compliance.

6. Your Rights and Choices

You have the following rights (EU, UK and globally). These rights apply across MATCH, SPACES and HUNTER.

6.1 Access Your Data

You can request a complete copy of all data we hold about you. In the app, go to Settings > Account & Security > Download My Data. We will generate a structured export file and send a secure download link to your email within 24 hours.

6.2 Correct Your Data

You can update or correct your profile information at any time through the app. Go to Profile > Edit Profile to modify your MATCH or SPACES profiles.

6.3 Delete Your Data

You can delete your account and all associated data. Go to Settings > Account Actions > Delete Account. The deletion process includes:

  1. A clear warning about what will be deleted
  2. An offer to download your data before deletion (required by GDPR)
  3. Password verification
  4. A typed confirmation ("DELETE")
  5. A 30-day grace period during which you can cancel the deletion
  6. After 30 days, permanent and irreversible deletion of all your data

6.4 Data Portability

You can export your data in a structured, machine-readable JSON format. This export includes your profile data, preferences, content and interactions across MATCH, SPACES and HUNTER.

6.5 Object to Processing

You can object to certain types of data processing through Settings > Privacy > Data Processing:

  • Marketing communications: opt in or out
  • Analytics tracking: opt in or out
  • Personalisation: opt in or out
  • Location tracking: opt in or out

6.6 Restrict Processing

You can request a temporary freeze on the processing of your data by contacting us at info@stardustmeet.com.

6.7 Withdraw Consent

Where we rely on your consent to process your data, you can withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.

6.8 Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe your data protection rights have been violated.

Response Times: We respond to all data rights requests within 30 days. For complex requests, we may extend this to 60 days with prior notice.

7. Legal Basis for Processing (EEA/UK Users)

We process your personal data only where we have a lawful basis:

Legal BasisApplies To
ContractCore service provision — creating your account, matching, messaging, community features and marketplace
ConsentMarketing communications, location tracking, analytics, personalisation
Legitimate InterestPlatform safety, fraud prevention, service improvement, security
Legal ObligationFinancial record keeping, safety report retention, responding to legal requests

7.2 Automated Decision-Making (GDPR Article 22)

We use automated systems for:

  • MATCH compatibility and suggestions: Automated scoring based on your preferences, interests, location and activity patterns
  • AI-powered analysis for Pro users: Semantic analysis of your bio and interests to identify deeper compatibility patterns. This processes only your bio text and interest selections — not your name, email, photos or location. Data is not stored by the third-party provider and is deleted immediately after processing.
  • Content moderation and safety detection: Automated tools to detect and flag content that potentially violates our Terms of Service. Flagged content is generally reviewed by human moderators. In cases of suspected CSAM or extreme violations, automated systems may immediately suspend accounts to protect user safety.
  • Marketplace relevance in HUNTER: Automated ranking and discovery to surface relevant listings.

These systems assist decision-making but do not produce legal or similarly significant effects. You may request human review at any time by contacting info@stardustmeet.com.

8. International Data Transfers

We operate globally, and your data may be transferred to and processed in countries other than the country in which you reside. We use the following safeguards:

  • EU–US Data Privacy Framework compliance
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable

9. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption at rest: All databases use AES-256 encryption
  • Encryption in transit: All communications use TLS 1.3
  • Password security: Passwords are hashed using bcrypt with a cost factor of 12
  • Access controls: Role-based access with least-privilege principles
  • Token security: Access tokens expire after 15 minutes; refresh tokens after 7 days
  • Audit logging: All data access and modifications are logged
  • Rate limiting: API endpoints are rate-limited to prevent abuse
  • Input validation: All user inputs are validated and sanitised

We notify regulators within 72 hours of qualifying breaches, as required under GDPR, and notify affected users without undue delay.

9.1 Child Safety, CSAM Removal and EU DSA Compliance

We operate a reactive-only child safety stack. We do not perform proactive Electronic Service Provider (ESP) scanning of user content and we do not submit reports to NCMEC unless legally compelled to do so. This approach is aligned with the EU Digital Services Act and EU privacy law.

  • When suspected CSAM is reported and confirmed by an admin, the file is removed and a SHA-256 hash of the offending content is retained indefinitely so the same file cannot be re-uploaded.
  • Reports of illegal content (CSAM, hate speech, terrorist content) are processed under the EU Digital Services Act (Regulation 2022/2065) "Notice and Action" mechanism (Article 16).
  • Where content is removed or access restricted following a report, we provide a Statement of Reasons to affected users in line with Article 17 of the DSA.
  • We cooperate with competent national authorities and law enforcement where legally required.

10. Children's Privacy

The Service is strictly for users aged 18 or older. We do not knowingly collect personal information from anyone under 18 and will delete such accounts immediately if identified.

If you believe a minor has created an account on the Service, please contact us at info@stardustmeet.com.

11. Cookies and Tracking Technologies

The mobile app does not use browser cookies. We use the following technologies:

  • Firebase Analytics: For app usage analytics (can be opted out through Settings > Privacy > Data Processing > Analytics)
  • Wiredash: For in-app feedback — when you submit feedback, Wiredash collects your feedback text, a screenshot of the current screen, device info and app version. Wiredash does not collect data outside of explicit feedback submissions.
  • Sentry: For crash reporting and error monitoring (collects device information and error data, not personal profile data)
  • Push Notification Tokens: Device tokens for delivering notifications (managed by OneSignal, which relays through APNs on iOS and Firebase Cloud Messaging on Android)

We do not use third-party advertising trackers or sell data to advertisers.

12. U.S. State Privacy Rights

We extend GDPR-level rights — access, correction, deletion and portability — to all users globally, including residents of US states with specific privacy laws (such as California, Virginia, Colorado, Connecticut, Utah and Texas). We do not sell your personal information. To exercise your rights, use the in-app tools described in Section 6 or contact us at info@stardustmeet.com.

13. In-App Purchases and Subscriptions

We process in-app purchases and subscriptions through Apple (App Store) and Google (Google Play). We receive confirmation of your purchase and subscription status for service provisioning purposes, but we do not collect or store your payment card details, bank account information or other financial payment instruments. For current pricing, subscription tiers and purchase terms, please refer to our Terms of Service.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify users via the Service
  • Request acknowledgment where required by law

15. Contact Us

Privacy Enquiries

Data Protection Officer

Legal Enquiries

Document Version: 1.6.0  |  Effective Date: May 7, 2026  |  Last Updated: May 7, 2026

© 2026 StarDust Meet AB — stardustmeet.com